Hi,I am using openldap-2.4.26 on one machine, and pam_ldap-186 and nss_ldap-265 on another machine, both machines running Fedora-10. I am trying for a secure communication using TLS/SSL. when I try to connect to the LDAP client machine using SSH, after authentication success the shell prompt is returned after 3 min or 4 mins. I don't know why it is taking so much time. This is happening for the users which are present only in LDAP database i.e. this user is not created on the client machine. At the server side I am getting following errors. TLS: can't accept: (unknown).connection_read(18): TLS accept failure error=-1 id=1068, closingconnection_closing: readying conn=1068 sd=18 for closeconnection_close: conn=1068 sd=18daemon: removing 18conn=1068 fd=18 closed (TLS negotiation failure)daemon: epoll: listen=7 active_threads=0 tvp=NULLdaemon: activity on 1 descriptordaemon: activity on:daemon: epoll: listen=7 active_threads=0 tvp=NULL I have created the CA certificate with CA.sh script. I followed the procedure given below.http://octaldream.com/~scottm/talks/ssl/opensslca.html I copied the same cacert.pem file from server to the client machine afte running the above procedure on server machine. The configuration files are as follows.slapd.conf include         /usr/local/etc/openldap/schema/core.schemainclude         /usr/local/etc/openldap/schema/cosine.schemainclude         /usr/local/etc/openldap/schema/inetorgperson.schemainclude         /usr/local/etc/openldap/schema/nis.schema LSCipherSuite          HIGH:MEDIUM:+SSLv2:+SSLv3:RSATLSCACertificateFile    /etc/pki/CA/cacert.pemTLSCertificateFile      /etc/pki/tls/misc/newcert.pemTLSCertificateKeyFile   /etc/pki/tls/misc/newkey.pemTLSVerifyClient         allow pidfile         /usr/local/var/run/slapd.pidargsfile        /usr/local/var/run/slapd.args access to attrs=userPassword by self       write by anonymous  auth by *          none access to * by *         read######################################################################## BDB database definitions####################################################################### database        bdbsuffix          "dc=samsung,dc=com"rootdn          "cn=Manager,dc=samsung,dc=com"# Cleartext passwords, especially for the rootdn, should# be avoid.  See slappasswd(8) and slapd.conf(5) for details.# Use of strong authentication encouraged.rootpw          123qwe# The database directory MUST exist prior to running slapd AND# should only be accessible by the slapd and slap tools.# Mode 700 recommended.directory       /usr/local/var/openldap-data# Indices to maintain#unique id so equality match onlyindex   uid     eqindex   userPassword    eq#allows general searching on commonname,givenname and mailindex   cn,gn,sn,ou,o,mail eq,subindex   objectClass     eq

and ldap.conf has the following configuration base dc=samsung,dc=comuri ldaps://localhost.localdomain/tls_cacertfile  /etc/pki/CA/cacert.pempam_password md5nss_map_attribute gecos description

Please let me know where I am making mistake? how to fix this problem. Warm RegardsVijay S.